Re: DJB about NSEC3 - DNS


Re: DJB about NSEC3

> On Tue, Sep 02, 2008 at 09:50:15AM +0100, Roy Arends wrote:
> > I'd like to have more information how the "NSEC3" variant of DNSSEC is
> > almost always breakable? I'd like to know how to interpret "almost always
> > breakable".
>
> I think it has been established that NSEC(3) allows the creation of
> non-existent names within secured zones, if I followed things directly.
>
> So even if importantbank.com is signed, I can try to spoof in
> NS records for secure.importantbank.com, using a purloined NSEC(3) record that
> covers secure.importantbank.com. The secure.importantbank.com zone is then
> unsigned, and contains the data of my choice.
>
> As long as secure.importantbank.com does not exist already of course.
>
> As a precautionary measure, importantbank.com might want to have dummy
> records for everything that 'looks' official.
>
> Bert

Assuming the opt-out is not in use.

You can't bring a secure delegation into existence under an
NSEC3 zone and have the subzone validate. NSEC3 is as
strong as NSEC for this case.

You can bring an insecure delegation into existence iff there
is another insecure delegation and the hash of the name
you are trying to bring into existence matches the hash
of an existing insecure delegation.

Given that it's a SHA-1 hash, that's n in 2^160 for the hash
of any arbitrary name matching an existing NSEC3 hash, where
n is the number of insecure delegations.
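Added example, not part of this thread: a Python sketch of the NSEC3 hash from RFC 5155 and the check a validator applies before accepting a referral as an unsigned delegation, which is why, without Opt-Out, a replayed NSEC3 record only vouches for a name whose hash equals the record's owner hash. The salt and iteration count are the RFC 5155 Appendix A parameters; the zone and delegation names are constructed for the illustration.

```python
import base64
import hashlib
from dataclasses import dataclass

# base32 (RFC 4648) -> base32hex alphabet used for NSEC3 owner labels
B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                              "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Canonical wire-format name: lowercase, length-prefixed labels, root byte."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: SHA-1(name||salt), re-hashed 'iterations' more times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode().translate(B32_TO_B32HEX).lower()


@dataclass
class NSEC3:
    owner_hash: str      # base32hex label of the hashed owner name
    next_hash: str       # hashed next owner name in the chain
    opt_out: bool        # Opt-Out flag bit
    types: frozenset     # type bitmap of the owner


def covers(rec: NSEC3, h: str) -> bool:
    """True if h falls strictly between owner and next (chain wraps at the end)."""
    if rec.owner_hash < rec.next_hash:
        return rec.owner_hash < h < rec.next_hash
    return h > rec.owner_hash or h < rec.next_hash


def proves_unsigned_delegation(rec: NSEC3, qname: str, salt_hex: str,
                               iterations: int) -> bool:
    """RFC 5155 section 8.9 check before a validator trusts an unsigned referral."""
    h = nsec3_hash(qname, salt_hex, iterations)
    if h == rec.owner_hash:
        # matching record: the delegation exists and carries no DS
        return "NS" in rec.types and "DS" not in rec.types and "SOA" not in rec.types
    # no matching record: only an Opt-Out covering record may vouch for it
    return rec.opt_out and covers(rec, h)


# constructed sample: one existing insecure delegation, chain of a single record
SALT, ITER = "aabbccdd", 12
PARTNER = nsec3_hash("partner.example", SALT, ITER)
NO_OPTOUT = NSEC3(PARTNER, PARTNER, opt_out=False, types=frozenset({"NS"}))
OPTOUT = NSEC3(PARTNER, PARTNER, opt_out=True, types=frozenset({"NS"}))
```

Replaying NO_OPTOUT for a name such as secure.example is rejected unless that name's hash collides with PARTNER, while the same record with Opt-Out set covers every other hash in a one-record chain.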